Security and open wifi hotspots

Archived from groups: alt.internet.wireless (More info?)

A friend asked me something but as I know nothing about wifi I couldn't
answer it. I'm hoping someone here can :o)

If he takes his laptop into a cafe or a bar where there is an open wifi
hotspot (presumably these are called access points??) and say, for instance,
he logs on to his ISPs mail server to pick up his email through that access
point, how secure is that connection? Would the login info for his email
server be cached anywhere for the owner of the access point (or anyone else
for that matter) to see after he's left the cafe?

Sorry if these are really basic questions but as they say on "Who Wants to
be a Millionaire?" the questions are only easy if you know the answers :o)

Cheers,

Mogweed
14 answers Last reply
More about security open wifi hotspots
  1. Archived from groups: alt.internet.wireless (More info?)

    "Mogweed" <mogweedTWOTHOUSAND@hotmail.com> wrote in message
    news:cfq4ck$j5q$1@titan.btinternet.com...
    > A friend asked me something but as I know nothing about wifi I couldn't
    > answer it. I'm hoping someone here can :o)
    >
    > If he takes his laptop into a cafe or a bar where there is an open wifi
    > hotspot (presumably these are called access points??) and say, for
    instance,
    > he logs on to his ISPs mail server to pick up his email through that
    access
    > point, how secure is that connection?

    ZIP, NADA, ZERO, ZILCH, IT ISN'T

    >Would the login info for his email
    > server be cached anywhere for the owner of the access point (or anyone
    else
    > for that matter) to see after he's left the cafe?
    >
    > Sorry if these are really basic questions but as they say on "Who Wants to
    > be a Millionaire?" the questions are only easy if you know the answers
    :o)
    >
    > Cheers,
    >
    > Mogweed
    >
    >
  2. Archived from groups: alt.internet.wireless (More info?)

    On Mon, 16 Aug 2004 11:04:52 +0000 (UTC), "Mogweed"
    <mogweedTWOTHOUSAND@hotmail.com> wrote:

    >If he takes his laptop into a cafe or a bar where there is an open wifi
    >hotspot (presumably these are called access points??) and say, for instance,
    >he logs on to his ISPs mail server to pick up his email through that access
    >point, how secure is that connection?

    Totally insecure. Anyone can "sniff" the traffic. There are
    applications to re-assemble email messages (both POP3 and SMTP) from
    sniffed packets. Worse, his POP3 and SMTP authentication logins and
    passwords are normally sent unencrypted and can be easily extracted
    from the sniffed packets. Very few hot spots use any form of RF
    security (WEP, WPA, VPN) and are therefore completely insecure.

    Methinks that the best way to check your mail is through a secure web
    server using SSL, or through a VPN provided by the ISP. These cannot
    be sniffed. However, most users screw up badly by setting their email
    clients to "check mail on startup" or "check mail every xx minutes"
    which are usually the default. Same with cute little system tray
    applications or IM clients that inform you that there is mail waiting.
    These send the POP3 login and password when the computer boots, and
    BEFORE a secure tunnel can be established. The only thing worth
    sniffing from these is the login and password, but that's all I'm
    usually interested in collecting. Anyway, I suggest you turn OFF
    automatic mail checking on laptops.

    One of the fun things to do is fire up a sniffer in areas where there
    are a suitable number of wireless users and run a JPG sniffer:
    http://ntkernelhacker.tripod.com/wireless/Pikachu.html
    http://www.etherpeg.org
    You get to see what everyone else is browsing. Amazing how much porno
    comes across the wireless (usually from spyware) in the least expected
    places. It also captures email, but that's usually boring.

    List of WinPcap based wireless sniffer tools:
    http://winpcap.polito.it/misc/links.htm
    Most are legitimate, but there are some interesting tools mixed in.

    >Would the login info for his email
    >server be cached anywhere for the owner of the access point (or anyone else
    >for that matter) to see after he's left the cafe?

    No. It would be cached on my laptop, that I left running with a
    wireless sniffer, in my parked car, near the hot spot. Capturing
    passwords is not a desireable feature and besides most hot spots are
    rather unsophisticated.

    >Sorry if these are really basic questions but as they say on "Who Wants to
    >be a Millionaire?" the questions are only easy if you know the answers :o)

    Intelligence is largely the ability to ask the right questions.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
  3. Archived from groups: alt.internet.wireless (More info?)

    "Mogweed" <mogweedTWOTHOUSAND@hotmail.com> wrote in
    news:cfq4ck$j5q$1@titan.btinternet.com:

    > A friend asked me something but as I know nothing about wifi I
    > couldn't answer it. I'm hoping someone here can :o)
    >
    > If he takes his laptop into a cafe or a bar where there is an open
    > wifi hotspot (presumably these are called access points??) and say,
    > for instance, he logs on to his ISPs mail server to pick up his email
    > through that access point, how secure is that connection? Would the
    > login info for his email server be cached anywhere for the owner of
    > the access point (or anyone else for that matter) to see after he's
    > left the cafe?
    >
    > Sorry if these are really basic questions but as they say on "Who
    > Wants to be a Millionaire?" the questions are only easy if you know
    > the answers :o)
    >

    It's not secure at all from what I understand. They do have ISP(s) that
    provide a VPN solution for user who use wireless hot spots or cafes. The
    VPN client software is installed on the user's computer allowing the
    computer to make a VPN secure connection between the wireless computer
    and the VPN server software on the ISP's server. A secure and encrypted
    connection VPN end point to VPN end point prevents someone from
    eavesdropping on the traffic on the wireless. You'll have to search
    Google for those VPN ISP(s) as they are out there.

    Duane :)
  4. Archived from groups: alt.internet.wireless (More info?)

    If the ISP is a standard cable/ADSL provider, then connecting to the POP
    mail server is typically *not* encrypted. Login to the ISP's web service,
    which may use the same userid/password, often is secured. My SBC ADSL
    service appears to always encrypt the userid/password during web login, and
    offers a secure login button on the splash page which causes the entire
    transaction to be encrypted. However, whenever I read email from the pop
    server, the same userid/password are sent in the clear to the POP server.

    I try to use web email from hotspots, since the web login that permits this
    is encrypted. Also, I try to remember to log off the ISP before
    disconnecting at the hotspot. Not logging off may permit an eavesdropper to
    spoof your identity after you've left by using your MAC address.

    And, of course, unless you are using a VPN or an https web page, you should
    always assume that everything is completely readable to anyone who wants to
    eavesdrop.

    "Mogweed" <mogweedTWOTHOUSAND@hotmail.com> wrote in message
    news:cfq4ck$j5q$1@titan.btinternet.com...
    > A friend asked me something but as I know nothing about wifi I couldn't
    > answer it. I'm hoping someone here can :o)
    >
    > If he takes his laptop into a cafe or a bar where there is an open wifi
    > hotspot (presumably these are called access points??) and say, for
    instance,
    > he logs on to his ISPs mail server to pick up his email through that
    access
    > point, how secure is that connection? Would the login info for his email
    > server be cached anywhere for the owner of the access point (or anyone
    else
    > for that matter) to see after he's left the cafe?
    >
    > Sorry if these are really basic questions but as they say on "Who Wants to
    > be a Millionaire?" the questions are only easy if you know the answers
    :o)
    >
    > Cheers,
    >
    > Mogweed
    >
    >
  5. Archived from groups: alt.internet.wireless (More info?)

    "Mogweed" <mogweedTWOTHOUSAND@hotmail.com> wrote in message
    news:cfq4ck$j5q$1@titan.btinternet.com...
    > A friend asked me something but as I know nothing about wifi I couldn't
    > answer it. I'm hoping someone here can :o)
    >
    > If he takes his laptop into a cafe or a bar where there is an open wifi
    > hotspot (presumably these are called access points??) and say, for
    instance,
    > he logs on to his ISPs mail server to pick up his email through that
    access
    > point, how secure is that connection? Would the login info for his email
    > server be cached anywhere for the owner of the access point (or anyone
    else
    > for that matter) to see after he's left the cafe?

    The radio connection from his laptop to the Access Point is insecure; anyone
    can eavesdrop. The wire connection from the Access Point to the cloud is
    also insecure: anyone with minimal skill can eavesdrop there, too. The
    connection from the cloud to the originating computer the email was sent
    from ...

    If your friend has any secrets to keep and wants to send them via email,
    tell him to go to http://www.thawte.com/email/index.html and get a (free)
    email certificate so his friends can encrypt email they send him. His
    friends, of course, will need to do the same, and then he can send them
    encrypted replies.

    Once that system is in place, the end points will be the only insecure
    nodes: everything between them will be secure. Securing the originating and
    terminating computers is left as an excercise for the reader.

    HTH.

    William
    (Filter noise from my address for direct replies.)
  6. Archived from groups: alt.internet.wireless (More info?)

    On Mon, 16 Aug 2004 15:50:52 GMT, "William Warren"
    <william_warren_nonoise@comcast.net> wrote:

    >If your friend has any secrets to keep and wants to send them via email,
    >tell him to go to http://www.thawte.com/email/index.html and get a (free)
    >email certificate so his friends can encrypt email they send him. His
    >friends, of course, will need to do the same, and then he can send them
    >encrypted replies.

    One small problem... no self respecting hacker is interested in the
    contents of your email one message at a time. It's the login and
    password that is important and encrypting the payload does nothing for
    protecting the login and password. It's a variation on identity theft
    and here's how it works. I sniff your login and password. I would
    immediately login to your ISP's account admin page and change your
    password. You're now locked out of your own account. I would then
    snoop around and extract some personal info (name, phone number,
    address, zip code, address book, bank numbers, SSI, etc). I would
    then go to various accounts (ebay, paypal, banks) and select "forgot
    my password" which will email back the current or a new password.
    They will ask some kind of mundane authentication question that can
    usually be extracted from the personal info (i.e. acct number, zip
    code). If successful, I would login to PayPal or your bank and start
    spending wildly using your account. When done, I would erase the new
    email messages, and reset the password back to the original. You
    would not know what hit you until the bill arrives.

    Never mind the payload, protect the passwords.

    Note: I've never actually done this, but I've dealt with situations
    where it has happened.

    >Once that system is in place, the end points will be the only insecure
    >nodes: everything between them will be secure. Securing the originating and
    >terminating computers is left as an excercise for the reader.

    Umm... Sniffing the ethernet connection, or even the tapping the DSL
    line is possible, but not very sporting.

    Having your own SSL certificate is kinda nice, but for my business
    communications and HIPAA, I use various PGP mutations.
    http://web.mit.edu/network/pgp.html
    http://www.pgp.net
    http://www.gnupg.org
    http://www.pgp.com/products/
    Actually, I've been getting lazy lately and using ROT-13 and UUCP over
    TCP to my own servers, which most sniffing hackers don't have a clue
    how it works. Security by obscurity is not at all secure, but I
    figure it's better than nothing.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
  7. Archived from groups: alt.internet.wireless (More info?)

    > Methinks that the best way to check your mail is through a secure web
    > server using SSL, or through a VPN provided by the ISP. These cannot

    What's wrong with IMAP/SSL (which has been either the recommended or the
    only way to read mail at my work for the last several years).

    > be sniffed. However, most users screw up badly by setting their email
    > clients to "check mail on startup" or "check mail every xx minutes"
    > which are usually the default. Same with cute little system tray

    I don't see in what way such settings affect security.


    Stefan
  8. Archived from groups: alt.internet.wireless (More info?)

    On Mon, 16 Aug 2004 16:32:19 GMT, Stefan Monnier
    <monnier@iro.umontreal.ca> wrote:

    >> Methinks that the best way to check your mail is through a secure web
    >> server using SSL, or through a VPN provided by the ISP. These cannot
    >
    >What's wrong with IMAP/SSL (which has been either the recommended or the
    >only way to read mail at my work for the last several years).

    Nothing wrong. Works fine if the ISP offers it. None of the ISP's I
    use offer it. I do have IMAP4+SSL running on my office server for
    testing, but never use it. Personally, I prefer VPN tunnels to my own
    servers as it has other uses besides moving email and SSH for
    character based stuff, because it's easy (using Putty). I'm not a
    security expert and I'm sure I missed some other authorization,
    authentication, and encryption mechanisms.

    >> be sniffed. However, most users screw up badly by setting their email
    >> clients to "check mail on startup" or "check mail every xx minutes"
    >> which are usually the default. Same with cute little system tray

    >I don't see in what way such settings affect security.

    Easy. Such applications are usually setup to send the login and
    password in the clear. In order to determine how many messages you
    have waiting, the application needs to send the POP3 login and
    password sequence. For example, I use AIM (AOL Instant Mess) and it
    will happily check if I have any email waiting at all my various
    accounts. Too bad it does it by sending it directly to my ISP's POP3
    server instead of going through the VPN tunnel I have setup. That's
    because it starts up *BEFORE* the tunnel is established, doesn't know
    about the tunnel, and doesn't have any mechanism to determining the
    preferred route to the POP3 server. By default, it sends the POP3
    login and password every 5 minutes, giving someone many chances at
    sniffing the traffic and extracting the login and password.

    Suggestion: Fire up a sniffer (wireless or ethernet) and sniff your
    own traffic. Setup a trap to log every time the sniffer see's your
    POP3 login and password. You'll be amazed at how many applications
    are trying to be helpful and check your mailbox in the clear. As I
    posted in another message, it's the login/passwd that's important, not
    the payload.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
  9. Archived from groups: alt.internet.wireless (More info?)

    "Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> wrote in message
    news:kdk1i0pg07tkdcpc39k54ufm05oeqeis5m@4ax.com...
    > On Mon, 16 Aug 2004 11:04:52 +0000 (UTC), "Mogweed"
    > <mogweedTWOTHOUSAND@hotmail.com> wrote:
    >
    > One of the fun things to do is fire up a sniffer in areas where there
    > are a suitable number of wireless users and run a JPG sniffer:
    > http://ntkernelhacker.tripod.com/wireless/Pikachu.html
    > http://www.etherpeg.org
    > You get to see what everyone else is browsing. Amazing how much porno
    > comes across the wireless (usually from spyware) in the least expected
    > places. It also captures email, but that's usually boring.
    >
    > List of WinPcap based wireless sniffer tools:
    > http://winpcap.polito.it/misc/links.htm
    > Most are legitimate, but there are some interesting tools mixed in.
    >

    Do any of these work with 802.11 adapters on XP? Last I checked, Ethereal
    (which uses WinPcap) still does not claim to work on XP because there is no
    standardized interface to put 802.11 chips into promiscuous mode.

    > --
    > Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    > 150 Felker St #D http://www.LearnByDestroying.com
    > Santa Cruz CA 95060 AE6KS 831-336-2558
  10. Archived from groups: alt.internet.wireless (More info?)

    On Mon, 16 Aug 2004 17:10:01 GMT, "gary" <pleasenospam@sbcglobal.net>
    wrote:

    >> List of WinPcap based wireless sniffer tools:
    >> http://winpcap.polito.it/misc/links.htm
    >> Most are legitimate, but there are some interesting tools mixed in.

    >Do any of these work with 802.11 adapters on XP? Last I checked, Ethereal
    >(which uses WinPcap) still does not claim to work on XP because there is no
    >standardized interface to put 802.11 chips into promiscuous mode.

    I could swear I had Ethereal running on WinPcap 3.1beta3 on XP Pro
    (pre-SP2) to sniff wireless packets. However, I don't own an XP
    machine, so I can't try it right now[1]. As I vaguely recall, I had
    to install the WildPackets Orinoco driver to enable promiscuous mode.
    http://www.wildpackets.com/support/hardware/ap_lucent_driver
    Also, methinks the W2K/XP NDIS 3.0 drivers will work with Ethereal.
    Those certainly work in promiscuous mode as Netstumbler and others use
    NDIS3.

    I'll try it when I have the time and an XP laptop that I can destroy.

    I do most of my sniffing using Linux (Kismet and Ethereal). However,
    my Linux hard disk crashed so I'm using a bootable cdrom full of
    wireless security tools. See:
    http://moser-informatik.ch/?page=products&lang=eng
    which includes all these tools:
    http://moser-informatik.ch/tools.html
    For logging, I use SSLWRAP to build a tunnel to my office server and
    dump the capture logs there.

    Also, the WinPcap FAQ recommends trying Windump:
    http://windump.polito.it
    to see if WinPcap can grab traffic. I just tried it on my W2K box and
    it does show packets.

    [1] I'm taking the day off to fix my truck, where chargeing an open
    circuit blew the alternator and glow plug timer controller. Time to
    get greasy.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
  11. Archived from groups: alt.internet.wireless (More info?)

    >> What's wrong with IMAP/SSL (which has been either the recommended or the
    >> only way to read mail at my work for the last several years).
    > Nothing wrong. Works fine if the ISP offers it. None of the ISP's I
    > use offer it.

    A damn shame! Since they probably don't offer VPN either, you're basically
    stuck with a webmail/SSL which can be rather painful to use.
    Luckily you don't have to use your ISP's email system: after all, it's an
    *I*SP, not an *E*SP.

    >>> be sniffed. However, most users screw up badly by setting their email
    >>> clients to "check mail on startup" or "check mail every xx minutes"
    >>> which are usually the default. Same with cute little system tray
    >> I don't see in what way such settings affect security.
    > Easy. Such applications are usually setup to send the login and
    > password in the clear. In order to determine how many messages you

    Well, sending them in the clear is the problem, then, obviously.
    Checking mail at startup and/or regularly is mostly orthogonal.

    > have waiting, the application needs to send the POP3 login and
    > password sequence. For example, I use AIM (AOL Instant Mess) and it
    > will happily check if I have any email waiting at all my various
    > accounts. Too bad it does it by sending it directly to my ISP's POP3
    > server instead of going through the VPN tunnel I have setup. That's
    > because it starts up *BEFORE* the tunnel is established, doesn't know
    > about the tunnel, and doesn't have any mechanism to determining the
    > preferred route to the POP3 server. By default, it sends the POP3
    > login and password every 5 minutes, giving someone many chances at
    > sniffing the traffic and extracting the login and password.

    Make sure the server is *not-reachable* unless the VPN is up
    (it's behind a firewall and the VPN gets you through that firewall).

    > Suggestion: Fire up a sniffer (wireless or ethernet) and sniff your
    > own traffic. Setup a trap to log every time the sniffer see's your
    > POP3 login and password. You'll be amazed at how many applications
    > are trying to be helpful and check your mailbox in the clear.

    I wouldn't trust any application like AIM with my password anyway.

    > As I posted in another message, it's the login/passwd that's important,
    > not the payload.

    100% agreement. Tho, the password is sometimes part of the payload.


    Stefan
  12. Archived from groups: alt.internet.wireless (More info?)

    "Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> wrote in message
    news:r4n1i05mhi92ce1vcmh6qr0afsh3utlspt@4ax.com...
    > On Mon, 16 Aug 2004 15:50:52 GMT, "William Warren"
    > <william_warren_nonoise@comcast.net> wrote:
    >
    > >If your friend has any secrets to keep and wants to send them via email,
    > >tell him to go to http://www.thawte.com/email/index.html and get a (free)
    > >email certificate so his friends can encrypt email they send him. His
    > >friends, of course, will need to do the same, and then he can send them
    > >encrypted replies.
    >
    > One small problem... no self respecting hacker is interested in the
    > contents of your email one message at a time. It's the login and
    > password that is important and encrypting the payload does nothing for
    > protecting the login and password. [snip]
    >
    > Never mind the payload, protect the passwords.
    >
    [snip]

    > >Once that system is in place, the end points will be the only insecure
    > >nodes: everything between them will be secure. Securing the originating
    and
    > >terminating computers is left as an excercise for the reader.
    >
    > Umm... Sniffing the ethernet connection, or even the tapping the DSL
    > line is possible, but not very sporting.

    But easy for someone who really wants what you've got: including phishers.
    As I said, the endpoints remain insecure, and protecting them (and the
    passwords) is a different topic. Although I concede that "everything between
    them" only applies to the encrypted email, I was trying to make the point
    that it's futile to secure only one link in a long chain. We have to think
    end-to-end, and that includes end-to-end protection for sessions with your
    IMAP/POP server.

    I realize that POP ID's and passwords can be used to gain other passwords,
    but don't forget that most services now require a challenge-reponse
    transaction for "Lost Password" requests, where they ask (for example) the
    name of your favorite pet. In any case,since my ISP doesn't support SSL for
    POP sessions, I use a "sub" account for day-to-day email, which is set up so
    that it can't change its own password, and I _never_ allow email from places
    like Ebay or Billpay anywhere near it. If I want to check email on my other
    account names, I use SquirrelMail (http://www.squirrelmail.org/) and SSL
    connections to my home server, which is as secure as the various bills and
    documents in my file cabinet.

    > Having your own SSL certificate is kinda nice, but for my business
    > communications and HIPAA, I use various PGP mutations.
    > http://web.mit.edu/network/pgp.html
    > http://www.pgp.net
    > http://www.gnupg.org
    > http://www.pgp.com/products/

    I like gpg for the Unix world: Mutt and Exim support it natively, but SSL is
    built into OE, Netscape Messenger, Mozilla, etc., so I prefer it for my
    Wintel clients who need Plug 'N Pray operation and "one click" simplicity.

    > Actually, I've been getting lazy lately and using ROT-13 and UUCP over
    > TCP to my own servers, which most sniffing hackers don't have a clue
    > how it works. Security by obscurity is not at all secure, but I
    > figure it's better than nothing.

    It's better than tying a Garlic clove around your neck, since we can prove
    it's inefective ;-J.

    The point is that anyone wanting security, for passwords _or_ email or
    anything else, has to think end-to-end.

    HTH. YMMV.

    William
  13. Archived from groups: alt.internet.wireless (More info?)

    "Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> wrote in message
    news:eus1i0hte1ord8keihmktuqb5r395k7lus@4ax.com...
    > On Mon, 16 Aug 2004 17:10:01 GMT, "gary" <pleasenospam@sbcglobal.net>
    > wrote:
    >
    > >> List of WinPcap based wireless sniffer tools:
    > >> http://winpcap.polito.it/misc/links.htm
    > >> Most are legitimate, but there are some interesting tools mixed in.
    >
    > >Do any of these work with 802.11 adapters on XP? Last I checked, Ethereal
    > >(which uses WinPcap) still does not claim to work on XP because there is
    no
    > >standardized interface to put 802.11 chips into promiscuous mode.
    >
    > I could swear I had Ethereal running on WinPcap 3.1beta3 on XP Pro
    > (pre-SP2) to sniff wireless packets. However, I don't own an XP
    > machine, so I can't try it right now[1]. As I vaguely recall, I had
    > to install the WildPackets Orinoco driver to enable promiscuous mode.
    > http://www.wildpackets.com/support/hardware/ap_lucent_driver
    > Also, methinks the W2K/XP NDIS 3.0 drivers will work with Ethereal.
    > Those certainly work in promiscuous mode as Netstumbler and others use
    > NDIS3.

    If you install a proprietary (= not free, costs money) driver that exports
    an NDIS interface with Ethernet-style promiscuous control, then WinPcap will
    probably work. The proprietary drivers that come with wifi cards do NOT
    export such an interface. The drivers that come with commercial network
    analyzer software of course do. But I just checked, and AiroPeek costs at
    least $1000 retail. As an end user, I'm not paying that kind of money. And,
    since I'm not ethics-impaired, I'm not going to rip off a bootleg driver.

    Ethereal will certainly sniff packets on my XP, but *only* if I disable
    promiscuous mode. The packets I see are from the virtual Ethernet interface
    exported by my D-Link wifi driver. It filters out any management frames, and
    of course I only see traffic to/from the client, not any other net traffic.

    NetStumbler has never worked right on my XP. It sometimes appears to work
    when my D-Link driver has already initialized the network, but if try to get
    NetStumbler to do the probing, I get mixed results. If I disable/enable the
    D-Link adapter, NetStumbler won't even start.

    >
    > I'll try it when I have the time and an XP laptop that I can destroy.
    >
    > I do most of my sniffing using Linux (Kismet and Ethereal). However,
    > my Linux hard disk crashed so I'm using a bootable cdrom full of
    > wireless security tools. See:
    > http://moser-informatik.ch/?page=products&lang=eng
    > which includes all these tools:
    > http://moser-informatik.ch/tools.html
    > For logging, I use SSLWRAP to build a tunnel to my office server and
    > dump the capture logs there.
    >
    > Also, the WinPcap FAQ recommends trying Windump:
    > http://windump.polito.it
    > to see if WinPcap can grab traffic. I just tried it on my W2K box and
    > it does show packets.
    >
    > [1] I'm taking the day off to fix my truck, where chargeing an open
    > circuit blew the alternator and glow plug timer controller. Time to
    > get greasy.
    >
    >
    > --
    > Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    > 150 Felker St #D http://www.LearnByDestroying.com
    > Santa Cruz CA 95060 AE6KS 831-336-2558
  14. Archived from groups: alt.internet.wireless (More info?)

    "gary" <pleasenospam@sbcglobal.net> wrote in message
    news:3y7Uc.8081$o54.5088@newssvr22.news.prodigy.com...
    >
    > "Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> wrote in message
    > news:eus1i0hte1ord8keihmktuqb5r395k7lus@4ax.com...
    > > On Mon, 16 Aug 2004 17:10:01 GMT, "gary" <pleasenospam@sbcglobal.net>
    > > wrote:
    > >

    I just want to say a big thank-you to all who have taken time to reply to my
    original query. It's much appreciated and I'm sure my friend will be more
    than happy with all the info you've provided.

    Cheers guys,

    Mogweed.
Ask a new question

Read More

Security WiFi Wireless Networking